[cap-talk] Confused deputies in hybrid systems (was: Loss of control)
Karp, Alan H
alan.karp at hp.com
Mon Feb 4 11:51:06 EST 2008
Toby Murray wrote:
>
> Bob delegates it to some service that IS in the domain. The
> service may
> incorrectly use this capability on Bob's behalf, since the
> capability is
> more powerful in the hands of the service than it is in Bob's.
>
> This service is potentially confusable.
>
In other words, such a capability can't be allowed to re-enter the domain, even as a parameter.
________________________
Alan Karp
Principal Scientist
Virus Safe Computing Initiative
Hewlett-Packard Laboratories
1501 Page Mill Road
Palo Alto, CA 94304
(650) 857-3967, fax (650) 857-7029
http://www.hpl.hp.com/personal/Alan_Karp
More information about the cap-talk
mailing list